Hi Joanna,
My take on this is a question I ask myself: is this a generic, supportable option for the SPD, or is it more of a Chromebook-specific architecture change?
I would say the question is what you consider "Chromebook-specific". Nothing in this feature is fundamentally tied to Chromebooks, or even to Linux. Any platform could potentially want to choose using something like this if they happen to have a similar OS verification architecture and face similar reasons like us that make them disfavor other solutions. I think an optional feature isn't necessarily not generic just because it is only used/implemented by a single platform (at the moment), as long as it could potentially be used/implemented by other platforms. You wouldn't call the TRNG_SUPPORT feature in TF-A "Juno-specific" just because it's currently only implemented by the Juno board, either.
I take the point that there are some warning comments in the code that this change weakens TrustZone, which rules out any compliance if sought, but I think if we keep the patches as is I would like to see these warnings more prominent, so that non-Chromebook platforms are more fully aware and so understand the implications of enabling them.
Yes, that's absolutely reasonable and the two suggestions you made sound great. We should implement them in the next iteration of the patch.